From passing on incorrect information to snooping on friends, a number of shocking data protection breaches in police forces have been uncovered. With hundreds of incidents every year it is time to start asking whether it is too easy for police databases to be abused to snoop on innocent people.
Big Brother Watch has long been concerned about the number of data breaches occurring within police forces. In 2011, we published the report ‘Police Databases: How More Than 900 Staff Abused Their Access’. The report highlighted a shocking number of data protection breaches and the subsequent limited number of punishments that were handed out. We also commented on the recent case of a police officer being charged with stealing thousands of accident victims’ details from her police force’s computer to sell to law firms.
The Deregulation Bill, debated by MPs today, has caused alarm after it was highlighted that one of its clauses, which alters the process for obtaining production orders with regard to material held by journalists, significantly undermines the essential protections for journalists from being forced to hand over material to the police.
Of particular concern is a warning from Gavin Millar QC, who is currently representing BSkyB in a case where the Metropolitan Police are seeking material from them, that this change could be combined with a ‘Closed Material Procedure’ – where a court sits in closed, or secret, session – and would mean the media is not present, or in some cases even notified of the hearing, when the police make an application to seize material.
Currently requests for material belonging to a journalist or media organisation must be made in open court, with the opportunity for challenge by the organisation affected. The combined effect of this change and closed material proceedings could lead to a situation where a judge is asked to consider a production order in a secret hearing without adversarial debate between the requesting body and the media organisation involved.
We are barely into 2014, yet we are faced with yet another serious data protection breach concerning a public sector computer. On this occasion, a police officer has been charged with stealing thousands of accident victims’ details from her police force’s computer and selling them to law firms.
This case alone highlights the serious need for our courts to issue much tougher penalties for unlawfully obtaining or disclosing personal information, otherwise these cases will continue to occur.
A court has heard that Sugra Hanif accessed Thames Valley Police’s command and control computer to note down the personal details of members of the public involved in road traffic accidents, including the unique reference number each incident was given.
The National Crime Agency (NCA) has been launched today by the Home Office with announcements that it will have access to some of the most high-tech surveillance tools available but will also promote an environment of transparency and openness. Yet, with an exemption from the Freedom of Information Act and being regulated by outdated legislation, how accountable will the Agency be?
The NCA has billed itself as being more open and transparent than its predecessors, yet it won’t be subject to the Freedom of Information Act (FOI) on the basis that this would “jeopardise its operational effectiveness and ultimately result in lower levels of protection for the public.” Considering the Agency will have highly intrusive surveillance techniques at its disposal, it is remarkable that it is allowed to use them behind a cloak of secrecy. FOI would not prevent intelligence sharing or the protection of sources of information, nor would it expose police tactics and technology. Indeed, every police force in the country and the Association of Chief Police Officers all manage to operate with FOI applying to them.
Another transparency report, another reminder all is not well.
Yahoo! has just added its own statistics to those of Facebook, Microsoft, Google and others. We blogged last week on Facebook’s new data and the questions that now urgently need answering about how powers to access data are being used and the oversight of surveillance powers.
Yahoo! rejected 456 requests – that’s 27% of all the requests they received. They also disclosed content – which highlights that the authorities are able to access more than just the “who, what and where” of communications. Another reminder that far from being a wild west, UK authorities are able to access content and other data from online communications companies.
This is a guest post from Neil Wallis, a former editor of the News of the World. He is a Fleet Street veteran of 35 years, former editor of The People, former deputy editor of both The Sun and the News of the World, and gave evidence twice at the Leveson Inquiry. He was arrested at 6am on 14 July 2011 as part of the Metropolitan Police’s Operation Weeting but cleared in February 2013.
On 25th May, 2012, a Metropolitan Police sergeant stared me coldly in the eye and told me he planned to charge me with serious corporate crime.
It was 10 months since I had been arrested in a 5.30am dawn raid at my West London crime den by officers from the Met’s Operation Weeting squad investigating allegations of conspiracy to hack telephones by the News of the World.
That day – only my second interview since I’d been marched off to a prison cell back on 14th July 2011 – he threatened these alleged new offenses by explaining that, as a former Deputy Editor of the newspaper, I was a very senior company executive with corporate responsibilities.
Writing in today’s Guardian, Lord Falconer, the former Lord Chancellor who helped introduce the Terrorism Act 2000, has laid bare the increasingly clear case that the police acted unlawfully in detaining David Miranda under Schedule 7 of the Terrorism Act 2000.
“The Terrorism Act defines a terrorist as someone ‘involved in committing preparing or instigating acts of terrorism’. Miranda is plainly not committing or preparing acts of terrorism.”
At stake is not only a procedural check but the fundamental principle of the rule of law – namely, that the state will not use powers granted to it for reasons the democratically elected legislature has not permitted.
Today a new Code of Practice on the use of CCTV comes into force, to sit alongside the new position of Surveillance Camera Commissioner.
The code is a step in the right direction towards bringing proper oversight to the millions of cameras that capture our movements every day. However, with only a small fraction of cameras covered and without any penalties for breaking the code, we hope that this is only the beginning of the process and that further steps will be taken in the future to protect people’s privacy from unjustified or excessive surveillance.
Given that the responsibility for legally enforcing the Data Protection Act with regard to CCTV (apart from private cameras, which remain exempt) will remain with the Information Commissioner, we are concerned that public confidence will not be helped if the process of making a complaint and action being taken is not straightforward. Equally, the situation of private cameras not being subject to regulation, with the only power available to the police to prosecute for harassment, is unsustainable as the number of people using them increases.
Over the last few years we have highlighted various privacy concerns about a range of government databases, from the National DNA Database to the DVLA database. Our report in 2011 found that nearly 1,000 police officers had been disciplined for unlawfully accessing information over a three-year period. Violations of the Data Protection Act included running background checks on friends and potential partners and passing on sensitive information to criminal gangs and drug dealers.
Today The Register has revealed that the RSPCA is able to access information from the PNC, despite not having any formal prosecution powers and not being a statutory organisation. The information handed over is subsequently going unaudited by the Association of Chief Police Officers Criminal Records Office (ACRO) – run by the Association of Chief Police Officers – who also charge for the access. This is despite the PNC User Manual specifically stipulating that auditing is required for organisations that have had access to ‘sensitive information’. If auditing is not being carried out, it is impossible to know whether the RSPCA are using the sensitive data out of necessity and proportionately, and whether they are deleting it when their investigation has concluded.